The 3 keys to IT security for SMBs

In collaboration with Netsurion.

Cybersecurity is about more than just technology – it’s also the people and processes in place to ensure that organizations enact security measures in a way that minimizes risk.

Finding the right people with the right skills and knowledge to keep the business safe from online threats is a challenge at the best of times. Add the complications around COVID-19 and the complexities of remote work and an expanding threat landscape, and it’s no surprise that a recent forecast suggests cybersecurity spending could increase to outpace overall economic growth by early 2021.

Is your small or mid-sized business ready for these challenges?

To help you answer that question, we explore the 3 biggest cybersecurity threats to SMBs today and how to overcome them.

New challenges

For a small-to-medium-size business (SMB), emerging threats from the new work-from-home scenario may have seemed more annoying than dangerous. Tactics like zoombombing, which at first seemed to be a childish form of cyber harassment, quickly took a darker turn. But as the lockdowns continued, organizations around the world faced steeper challenges.

Many SMBs didn’t fully anticipate the security risks associated with people working on unsecured home networks, accessing work files and data with personal devices or using non-approved cloud-based file-sharing services. For the most part, these organizations had to respond to threats while dealing with (in many cases) steep reductions in revenue and the need for IT personnel to work from home themselves.

The pandemic has also seen a rise in reports of malware, formjacking, and compromised websites, as well as growing numbers of email attacks preying upon concerns about COVID-19.

The rising costs of cyber attacks

A 2019 study of 850 SMBs (ranging from 10 to 1000 employees) found that nearly two-thirds had experienced a cyber attack. Nearly all of those surveyed said that cybersecurity was a top 5 priority in their organization, but 62 percent also said that they didn’t have enough IT talent on staff to adequately defend against attacks. Meanwhile, 52 percent reported that they felt unable to defend themselves against new types of cyber attacks.

Although reports of cybersecurity breaches often focus on the number of records left exposed, in incidents involving SMBs, data loss is often the least of their concerns. Instead, it’s the costs in lost reputation and customers that have an impact, even after the network is secure again. Time is also a critical factor. The longer a breach goes undetected, the higher the associated penalties in lost business.

Every organization needs protection against online threats, malware, suspicious behavior and unusual network traffic. It’s important that protective measures kick in quickly so that businesses can shut down the threat before lasting damage occurs.

What is SOC-as-a-Service and why is it important?

A good security operations center (SOC) is built on 3 important and interrelated components: technology (platform), people, and process.

It takes all 3 working in concert to achieve the goal of cybersecurity defense.

Building the infrastructure for a comprehensive SOC takes several tools and technologies. A complete, tuned security information and event management (SIEM) solution provides the visibility foundation for the platform. Additional elements include firewalls, IPS/IDS, vulnerability assessments, and threat intelligence feeds, so the SOC staff can correlate and analyze activity.

At the same time, endpoint monitoring technologies that scan for vulnerabilities, protect sensitive data, and ensure compliance with industry and government regulations feed into the platform. But no platform can ensure optimal detection without the application of machine learning to the massive amounts of data that flow through it. In turn, this needs to be fine-tuned by human specialists, making up the people component.

A SOC calls for a dedicated team of highly skilled security analysts, with the bandwidth to monitor 24/7. To be able to configure security monitoring tools, do triage, perform root cause analysis and conduct in-depth threat hunting, they need sysadmin skills, capability in a variety of programming languages, in-depth security knowledge and relevant certifications such as CISSP, GCIA, GCFA, and others.

In today’s market, the shortage of security experts is an established fact. Industry group (ISC)2 predicts there will be a global shortage of almost 2 million cybersecurity professionals by 2022. Being an effective member of a SOC team calls for skills, discipline and a clear understanding of all the activities that must be carried out, which leads us to the process component.

Processes related to a SOC are based on a clear definition of the strategy that incorporates business-specific goals and the organization’s risk tolerance. Documentation of the strategy, goals and risk posture forms the basis for process documentation. Each stage of an investigation is spelled out in detail. To ensure the highest quality SOC, an organization may want to pursue ISO certification to demonstrate that proper information security controls are in place. Read more about going from “Zero to SOC” in this whitepaper from Netsurion.

The effects of the cybersecurity skills shortage

Even before COVID-19, many SMBs struggled to staff their network and IT security teams. The 2019 Cybersecurity Workforce Study estimated that more than 4 million positions were left unfilled, and this shortage will only have grown because of the economic impact of the pandemic.

For many organizations, the effects of short-staffed network and IT teams can be serious. Understaffed teams are more likely to be overwhelmed by the number of tools they need to evaluate and implement – an important point to consider when a given SMB might have as many as 50 or 60 different solutions in place.

In the current climate, with many businesses facing financial pressures due to lost revenue, IT budgets are already straining to protect staff as they work from anywhere and, often, on any device.

Already challenging before the pandemic, the role of network and IT security is even more complex due to the need to protect a remote workforce and an increased pace of attacks, and teams need to do all this with a smaller budget.

Key challenges businesses face to stay secure include:

  • The need to support an already-lean IT team, but without hiring additional staff
  • The ability to access flexible options that meet SMB budget constraints
  • The need for a purpose-built threat detection and response system that uses machine learning, behavior analytics, and security orchestration – all with 24/7 SOC expertise
  • Getting started quickly with minimal training and limited downtime once running

Organizations rely on digital and remote capabilities. They must run fast and lean while maintaining secure networks and avoiding risk gaps in cybersecurity. Netsurion’s industry-leading SIEM platform with a SOC fuses people, process and technology. Netsurion is driven by the importance of cybersecurity and works to make it a reality for every organization, no matter their size or budget.

Connect with us to learn more about the Netsurion solutions that will help keep your business secure against cyber threats.

Data security: Lessons from the front lines of breach research

Data security is a continuous battle against malicious forces—one in which the key to a successful strategy is information.

Dr. Larry Ponemon, the Chairman and Founder of the Ponemon Institute, has, for more than a decade, been on the front lines of data security research. His organization’s 2016 Cost of Data Breach Study: Global Analysis has telling intelligence for us to take to the trenches in our own fight against malware and privacy threats.
